Computer intrusions are inevitable. When an intrusion happens, forensic analysis is critical to understanding the attack. An administrator needs to determine how the attacker broke in, what he changed, and what privileged information he may have seen. Unfortunately, current security logging systems are incomplete, leaving large gaps in the knowledge of what happened. Execution replay is a practical way to add completeness to forensic logging. To show this, we describe ReVirt, a virtual machine execution replay system capable of security-grade logging. ReVirt can reconstruct the entire past state of the system at any point in time, including memory and disk, and can re-execute. This enables security tools that use ReVirt to gather arbitra...
The acquisition of volatile memory of running systems has become a prominent and essential procedure...
Identifying the root cause and impact of a system intrusion remains a foundati...
The acquisition of volatile memory of running systems has become a prominent and essential procedure...
Logging is a well-established technique to record dynamic information during system execution. It ha...
Log-based recovery and replay systems are important for system reliability, debugging and postmortem...
Abstract: Virtual-machine logging and replay enables system administrators to analyze intrusions mor...
Hardware security features need to strike a careful balance between design intrusiveness and complet...
In this thesis we explore methods for exploiting concurrency to improve the security and performance...
System logging is an essential component of building and maintaining secure systems. Unfortunately, ...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
Replaying traces is a time-honored method for benchmarking, stress-testing, and debugging systems—an...
Recent embedded real-time software tends to be multithreaded and constrained by stringent timing req...
For the most part, forensic analysis of computer systems requires that one first identify suspicious...
Forensic analysis is the process of understanding, re-creating, and analyzing arbitrary events that ...
The post-mortem state of a compromised system may not contain enough evidence regarding what transpi...